Описание
Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
Отчет
Not vulnerable. This issue did not affect the versions of Apache Tomcat 5 as shipped with Red Hat Enterprise Linux 5, Red Hat Developer Suite 3, Red Hat Certificate System 7.3, Red Hat Network Satellite 5.3.0 and earlier versions and JBoss Enterprise Web Server 1.0. It did not affect the versions of Apache Tomcat 6 as shipped with Red Hat Enterprise Linux 6 and JBoss Enterprise Web Server 1.0. It also did not affect the versions of jbossweb as shipped with JBoss Enterprise Application Platform 4.3.0 and earlier versions, as this flaw only affects Apache Tomcat 7.0.0 to 7.0.10.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | tomcat5 | Not affected | ||
| Red Hat Enterprise Linux 6 | tomcat6 | Not affected |
Показывать по
Дополнительная информация
Статус:
5.8 Medium
CVSS2
Связанные уязвимости
Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annota ...
Apache Tomcat allows remote attackers to bypass intended access restrictions
5.8 Medium
CVSS2